Paper 2021/1007

Provably Solving the Hidden Subset Sum Problem via Statistical Learning

Jean-Sebastien Coron and Agnese Gini

Abstract

At Crypto '99, Nguyen and Stern described a lattice based algorithm for solving the hidden subset sum problem, a variant of the classical subset sum problem where the $n$ weights are also hidden. As an application, they showed how to break the Boyko et al. fast generator of random pairs $(x,g^x \pmod{p})$. The Nguyen-Stern algorithm works quite well in practice for moderate values of $n$, but its complexity is exponential in $n$. A polynomial-time variant was recently described at Crypto 2020, based on a multivariate technique, but the approach is heuristic only. In this paper, we describe a proven polynomial-time algorithm for solving the hidden subset-sum problem, based on statistical learning. In addition, we show that the statistical approach is also quite efficient in practice: using the FastICA algorithm, we can reach $n=250$ in reasonable time.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Hidden subset-sum problemlattice attackstatistical attack
Contact author(s)
jscoron @ gmail com
agnese gini @ uni lu
History
2021-08-03: received
Short URL
https://ia.cr/2021/1007
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2021/1007,
      author = {Jean-Sebastien Coron and Agnese Gini},
      title = {Provably Solving the Hidden Subset Sum Problem via Statistical Learning},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1007},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1007}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.